Changeset 15832


Timestamp:
10/18/10 11:44:19 (5 years ago)
Author:
dd32
Message:

Use $wpdb->prepare in wp_old_slug_redirect(). See #15140

File:
1 edited

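--- a/trunk/wp-includes/query.php
+++ b/trunk/wp-includes/query.php
@@ -3147,18 +3147,18 @@
         global $wpdb;
 
-        $query = "SELECT post_id FROM $wpdb->postmeta, $wpdb->posts WHERE ID = post_id AND meta_key = '_wp_old_slug' AND meta_value='" . $wp_query->query_vars['name'] . "'";
+        $query = $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta, $wpdb->posts WHERE ID = post_id AND meta_key = '_wp_old_slug' AND meta_value=%s", $wp_query->query_vars['name']);
 
         // if year, monthnum, or day have been specified, make our query more precise
         // just in case there are multiple identical _wp_old_slug values
         if ( '' != $wp_query->query_vars['year'] )
-            $query .= " AND YEAR(post_date) = '{$wp_query->query_vars['year']}'";
+            $query .= $wpdb->prepare(" AND YEAR(post_date) = %d", $wp_query->query_vars['year']);
         if ( '' != $wp_query->query_vars['monthnum'] )
-            $query .= " AND MONTH(post_date) = '{$wp_query->query_vars['monthnum']}'";
+            $query .= $wpdb->prepare(" AND MONTH(post_date) = %d", $wp_query->query_vars['monthnum']);
         if ( '' != $wp_query->query_vars['day'] )
-            $query .= " AND DAYOFMONTH(post_date) = '{$wp_query->query_vars['day']}'";
+            $query .= $wpdb->prepare(" AND DAYOFMONTH(post_date) = %d", $wp_query->query_vars['day']);
 
         $id = (int) $wpdb->get_var($query);
 
-        if ( !$id )
+        if ( ! $id )
             return;
 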
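Review bot: `$query` is now assembled from up to four separately prepared fragments (new lines 3149–3158) and nothing in the code records that, so a one-line comment before the `get_var()` call, e.g. `// $query is built from prepared fragments; do not pass it through prepare() again`, would guard against a later edit re-preparing a string in which a literal `%` from the slug is already embedded. It is also worth documenting that `%d` casts year, monthnum and day to integers, so a non-numeric value becomes `0` and that clause matches no row. Separately, the comment at 3151–3152 allows for duplicate `_wp_old_slug` values, yet the statement has no `ORDER BY` or `LIMIT 1`, so `get_var()` returns whichever row the database lists first. The enclosing function starts and ends outside this section.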